Folio · The Particulars
Privacy Policy
Effective 2026-05-01. Plain words, kept short on purpose.
01.The short version
Florium keeps as little as it can about you, on the device whenever possible, and never sells what it does keep. This page is the long version of that sentence.
02.What stays on your phone
Your garden (the plants you scan, the journal entries, reminders, and personal notes) is stored locally on your iPhone using SwiftData. We do not have a copy. If you reset the app or delete it, that record goes with it.
The onboarding profile (experience level, household composition, chosen plant goals) is also kept on the device.
03.What we do see
When you scan a plant, the photograph is sent to our identification service, examined, and the result is returned. The photograph is retained for up to 90 days so that we can investigate failed identifications and improve the species engine, then it is deleted along with the rest of the scan record.
We also keep, for the purposes of running the service:
- An anonymous device identifier, to attach scans to a single device for rate-limiting and abuse protection.
- A subscription status, so the app knows whether your trial or subscription is active. This is provided by RevenueCat and Apple.
- Aggregated, anonymous usage signals (which screens are visited, which features are used) through Mixpanel, so we can find rough edges to file down.
We never tie any of this to your name, your email, or your Apple ID. Florium does not ask you to make an account.
04.Who else is involved
The Florium service relies on a small set of trusted vendors:
- Apple: payments and App Store delivery.
- RevenueCat: subscription state.
- Mixpanel: anonymous product analytics.
- Cloudflare: the API and image storage that backs identification.
- Google Cloud and OpenAI: species recognition and care-guide generation. Photographs sent for identification are processed by these vendors under enterprise agreements and are not used to train their general-purpose models.
Each of these vendors is bound by its own privacy commitments. We have chosen them on the merits.
05.Tracking, advertising, third-party SDKs
Florium does not run advertising. There is no IDFA collection. There are no marketing pixels, no fingerprinting libraries, no social-network SDKs. The web pages you are reading right now use Plausible Analytics, which is cookie-less and respects Do Not Track.
06.Children
Florium is not intended for children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has used the app, please write to us and we will remove anything that may be theirs.
07.Your rights
Wherever you are, you have the right to ask what we hold, to ask for it to be corrected, and to ask for it to be deleted. Because most of your data lives on your device, deletion is usually as simple as removing the app. For anything we hold server-side, write to support@florium.app and we will act inside 30 days.
If you live in the European Union, the United Kingdom, or California, you have additional statutory rights under GDPR, UK GDPR, and the CCPA respectively. We honour all of them.
08.Where data lives
The Florium API runs on Cloudflare’s global edge. Photographs in transit are encrypted with TLS. Server-side image storage is in Cloudflare R2, in regions Cloudflare selects for performance.
09.Changes to this policy
We will update this page when something material changes, and the effective date at the top will reflect the new version. We will not quietly broaden the kinds of data we collect.
10.Contact
For anything related to your data, write to support@florium.app.
Questions? Write to support@florium.app.